The personal data is processed by us in accordance with the regulations of the EU General Data Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG) on the basis of the following legal grounds:
1. a) For the performance of a contract (Article 6 para. 1 lit. b DS-GVO).
The processing of personal data is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures, which are carried out at the request of the data subject.
If you make use of additional services, your data will be processed insofar as this is necessary for the provision of these additional services.
b) In the context of commissioned processing (Article 28 DS-GVO).
The processing of personal data on behalf of third parties shall take place exclusively on the basis of instructions within the framework of the statutory regulations.
2. within the framework of the balancing of interests (Article 6 para. 1 lit. f DS-GVO).
Beyond the actual performance of the contract with you, we process your data insofar as it is necessary to protect our legitimate interests or the legitimate interests of third parties provided that your interests do not prevail. Examples are:
- Internal and external communication
- Internal and external monitoring (ICS controls or metrics)
- Internal and external investigations, security checks
- Credit assessment to avoid bad debts
- Measures for business management and further development of services and products
- Authorization management
- IT security measures
- Event management
- Assertion / defense of legal claims, including legal disputes
- Prevention and detection of criminal acts
- Measures for building and facility security (e.g. access controls)
- Measures to ensure domiciliary rights
- Risk management via the Wagner group of companies
3. on the basis of your consent (Article 6 para. 1 lit. a DS-GVO).
Insofar as you have consented to certain processing of your personal data (e.g. newsletter dispatch, participation in promotions), the lawful processing of your personal data is based on this consent. You can revoke a given consent at any time with effect for the future. This also applies to declarations of consent that you gave us before the GDPR came into force, i.e. before May 25, 2018. Since the revocation of consent applies to the future, it does not affect the validity of the processing until the time of revocation.
4. statutory or legal requirements (Article 6 para. 1 lit. c DS-GVO or in the public interest (Article 6 para. 1 lit. e DS-GVO).
In addition, various legal obligations apply to us as a company (e.g. tax laws, money laundering law). These include, among others, identity verification, fraud and money laundering prevention, the fulfillment of control and reporting obligations under tax law, and the assessment and management of risks in the company and the Wagner Group.